Privacy policy

Kiplin Mobile Application Privacy Policy

Preamble

Kiplin (whose registered office is located at 28 bis quai François Mitterrand – Rdc - Bâtiment B 44273 Nantes CEDEX 2 - France; registered with the Nantes Trade and Companies Registry under number 808 669 642) (hereinafter "Kiplin" or "we" or "our") develops and operates preventive healthcare programs aimed at having a positive impact on the health and quality of life of its users. Your participation in our programs involves the use of Kiplin Mobile Application and the processing of your personal data. At the heart of our mission, we place our commitment to transparency regarding the data collected about you and its use.

Kiplin is a data controller within the meaning of the applicable regulations on the protection of personal data (including in particular the General Data Protection Regulation (GDPR) and the amended Data Protection Act). This Privacy Policy, drawn up in accordance with the above-mentioned regulations, is intended to inform you explicitly about:

  • The personal data we process,
  • The reasons why we process your data,
  • Your rights regarding your data and how to exercise them.

This Privacy Policy applies when you use the Kiplin Mobile Application. 

If you have any questions regarding our Privacy Policy and the processing of your personal data, as well as to exercise your rights regarding the processing of your personal data, you can contact our Data Protection Officer at the following email address: dpo@kiplin.com or at the following postal address: Kiplin, Data Protection Officer, 28 bis quai François Mitterrand 44200 Nantes.

Article 1 - Definitions

Customer: means the legal entity contractually bound to Kiplin by the General Terms and Conditions of Sale and by the Special Terms and Conditions of Service, having subscribed to a Program or a Game; The Customer can be your company or a complementary social protection organization (mutual insurance company, provident fund, insurance company) if the use of this application is proposed to you through your work; the Customer can also be your health institution if the application is proposed to you by your doctor; 

Health data: means personal data relating to the physical or mental health of an individual, including the provision of health care services, which reveals information about the health status of that individual;

Games: refers to the collective actions/challenges offered by Kiplin to promote the physical activity of the Participants. The Games take place within a limited period of time according to conditions defined within Kiplin Mobile Application. On the basis of their physical activity, Participants accumulate points and allow their team to progress in the game;

GTCU: refer to the general terms and conditions of use of Kiplin Mobile Application;

Kiplin Mobile Application: refers to the mobile application developed by Kiplin, available on Google Play and on the Apple Store, which makes it possible to (i) collect physical activity data from Participants for the purposes of participating in the Programs and Games, (ii) access the Games and Programs offered by Kiplin;

Messaging Spaces: refers to the discussion and content sharing spaces present within the Kiplin Mobile Application, enabling Participants to exchange with each other (comments, content, etc.) under the conditions provided for in the GTCUs;

Participant(s): refers to the natural persons participating in the Programs and/or Games operated by Kiplin;

Personal Data: means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;

Prescriber: refers to the physician who initiated your participation in the Kiplin Programs and issued you a prescription. He/she then becomes joint data controller;

Privacy Policy: refers to the present document, accessible within Kiplin Mobile Application, which details our methods regarding the collect, use, sharing and storage of your personal information.

Program(s): refers to the physical activity programs, organized by Kiplin alone or with a Partner, accessible through Kiplin Mobile Application. Programs operated by Kiplin may include, but are not limited to, the following events: physical condition assessments, connected games aimed at encouraging the practice of physical activity on a daily basis, physical activity sessions accessible in person or remotely, health education webinars.

Article 2 - Personal data processed by Kiplin

The collection and processing of your personal data within Kiplin Mobile Application has the following main purposes:

  • To allow participation in our Games and Programs;
  • Initiate good practices related to your daily physical activity;
  • Encourage your physical activity, when it is part of a health care program, and your participation in Kiplin Programs has bprescribed by your physician;

  • To measure the impact of your participation on your physical activity level and health;
  • To enhance the user experience;
  • Send you newsletters, unless you exercise your right to object by clicking on the unsubscribe link at the bottom of the email;
  • To offer you technical assistance if necessary;
  • To carry out statistics and research to study the link between daily physical activity and health.

When you use our Mobile Application and participate in our Games and Programs, we process the following personal data:

  • User account data  

To benefit from the services offered by Kiplin, you must create a Kiplin account via Kiplin Mobile Application. To create this user account, we ask you to fill in a form with the following mandatory information:

  • Name,
  • First name,
  • Pseudonym of your choice,
  • Email address,
  • Password.

The collection of this data is necessary for the execution of the contract concluded between Kiplin and you upon your acceptance of General Terms and Conditions of Use (GTCU). 

The collection of this data allows the creation of a Kiplin account and allows us to be in contact with you during the Games and Programs for animation and support purposes.  

  • User profile data

When creating your account, you will also be asked to fill in some profile information about yourself, namely: 

  • Sex,
  • Year of birth.

This data is optional and its collection is based on your consent, except in the context of Programs accessible on medical prescription. These Programs available on prescription include fitness testing, whose results are based on "age" and "gender" parameters.

Their processing should allow us to better analyze the impact of our solution on our users, taking into account the factors likely to have an influence on the adherence and effectiveness of our solution, i.e. in order to produce statistics related to physical activity of categories of people according to age and/or sex.

  • Contact data

Exclusively in the context of Programs accessible on medical prescription, the collection of the following personal data is necessary to make secure your participation in adapted physical activity remote sessions :

  • Your address (street name and number, postal code, city, country),
  • Your telephone number - also necessary to facilitate the coordination of your course,
  • Name, first name and telephone number of your emergency contact.

Their collection is necessary for the execution of the contract concluded between Kiplin and you when you accepted the GTCU.

  • Physical activity data

Participation in our Games and Programs necessarily involves the collection of physical activity data about you:

  • Number of steps and/or distance cycled,
  • Duration and intensity of physical activity sessions carried out.

When you create an account and/or when you change your physical activity tracker within the Kiplin Mobile Application, we retrieve a 15-day activity history from the new connected data source in order to measure your physical activity level before using Kiplin.

Regardless of the data source used, we do not collect any geolocation data about you (GPS).

The collection of physical activity data is necessary for the execution of the contract concluded between Kiplin and you upon your acceptance of the GTCU. 

Their collection and processing allow you to track your level of physical activity and accumulate points in our Games and Programs. It also allows us to evaluate the impact of our solution on your physical activity level.

  • State of health data

Within the framework of health programs accessible on medical prescription, the course that we propose to you must be adapted to your state of health. This implies the collection of several medical data such as:

  • pathologies, limitations or treatments to be taken into account in your physical activity,
  • the results of physical fitness tests (for example: distance covered during a 6-minute walking test, number of sisequences performed over 30 seconds),

  • age, sex and weight/height, data needed to calculate fitness test results,
  • perception of your health (collected by means of self-administered questionnaires),
  • number of steps per day,
  • duration and intensity of physical activity sessions performed.

The collection of this data is necessary for your care as part of the treatment program prescribed by your physician. 

The Prescriber may have access to all the data concerning you, including health data, collected via the Kiplin mobile application. The Prescriber is subject to medical confidentiality.

This data allows us to adapt our Programs to your health condition and also to evaluate the impact of the Program on your health condition.

  • Contributions on Messaging Spaces

As part of your participation in our Games and Programs, you have the opportunity to interact with other participants via a Messaging Space and to share messages.

Within this framework, the messages will necessarily be processed by Kiplin.

Participation in the Messaging Spaces is free and not mandatory.

Contributions to the Messaging Spaces are made at the initiative of the Participants, with the aim of interacting with other Participants. Kiplin may analyze this data in an aggregated and anonymous format to extract the main themes discussed on these messaging spaces and the feelings expressed. 

  • Internet (cookies, tracking, navigation data, audience measurements, ...)

When you use Kiplin Mobile Application, certain data is collected, namely:

  • Date and time of your use of the Kiplin Mobile Application,
  • Monitoring of navigation within Kiplin Mobile Application.

The processing of this data, collected through the use of cookies, pixel tags or other similar technologies present on our app or in our e-mails, is necessary for the legitimate interests pursued by Kiplin in order to improve the overall user experience. Audience measurement cookies on Kiplin Mobile Application only aims at providing aggregated and anonymous statistics which do not require the user consent.

Article 3 – Third parties with access to your personal data

Your personal data is confidential and therefore only accessible to Kiplin and Kiplin's technical service providers necessary to achieve the above-mentioned purposes. They are not intended to be transferred or sold.

Use of the Kiplin Mobile Application outside a medical or medico-social environment

When the use of the Kiplin Mobile Application is offered outside the medical environment, the Customer may have access to the following personal data about you via a dedicated tool provided by Kiplin:

  • Last name and first name used in the Kiplin Mobile Application,
  • Subscription date to Game or Program.

Access to this data is intended to enable the Customer to track the identification and number of subscribers to the Game or Program to which he/she has subscribed. The Customer has a legitimate interest in ensuring effective participation in the Game and Program.

The provision of this data to the Customer is based on Kiplin's legitimate interest in being able to guarantee the Customer the correct identity of the subscribers for whom he has contracted.

Use of the Kiplin Mobile Application in a medical or medico-social environment

When the use of the Kiplin Mobile Application is offered to you in the context of medical or healthcare (i.e., the Customer with whom we have contracted is your healthcare facility or an organization providing prevention missions for example), the healthcare professional(s) or professionals who support you in your physical activity (for example a doctor, an adapted physical activity teacher, a physiotherapist) can have access to your data collected by Kiplin, including health data, via a dedicated tool made available by Kiplin. Access to your data should allow the professional(s) to better support you and evaluate the impact of the Program on your physical activity and health.

  • Kiplin's technical service providers

Kiplin's technical service providers, acting in its name and on its behalf for the performance of the services and for the above-mentioned purposes, may have access to your personal data (namely: Proginov for hosting your data in a health data hosting environment, Brevo for sending emails and sms (sms can only be used in Programs accessible on medical prescription to facilitate the coordination of the patient journey), Livestorm for carrying out remote physical activity sessions and webinars, and Intercom for providing technical support). Data collected by these service providers are all hosted within the European Union zone.

  • Other participants  

Other participants in the Program and/or the Games in which you participate have only access to the pseudonym you have chosen and to statistics on your physical activity data within the frame of the Games (for instance, the rankings available within the Games). 

You also have access to messaging spaces with other participants (for example, messages within a Program or an Game) on which you are free to post contributions (messages, pictures, etc.) that will be public within this messaging space and therefore accessible by other participants, in compliance with the GTCU.

  • Other third parties

We may also share your personal data with third parties: (1) if we obtain your express prior consent; (2) in response to a subpoena, legal proceeding, or other legal obligation; or (3) if necessary, to defend our rights.

Article 4 - Security of your data

Kiplin implements all appropriate measures to ensure the security and privacy of your data and limit the risk of loss, damage or misuse of your data.

Your data are hosted in France within a health data hosting environment (Hosting: Proginov - SIRET: 40350374100031 - Address: Parc d'Activité de Tournebride 44118 La Chevrolière). 

Access to your personal data is restricted to authorized Kiplin employees and our service providers, acting in our name and on our behalf, who need this information in order to perform their services for Kiplin. 

Article 5 - Personal data retention period

Your personal data will be stored for a period of 1 year from the date of your last use of the Kiplin mobile application. Beyond this period the data will be anonymized and will no longer allow you to be identified. To do this, we will delete any directly identifying data concerning you (surname, first name, email, pseudonym) and will take additional measures if we consider that the remaining data concerning you allows your identification.

As an exception, cookies will be deleted 13 months after their creation and billing data will be kept 5 years from the date of invoice.

Article 6 - Your rights

Under current legislation, you have the following rights over your personal data: access, rectification, erasure, processing restriction, objection, portability.

The right of access: you can access your user account and consult your data at any time. 

The right of rectification: you can rectify some of your personal data through your personal account. You can also ask us to rectify or update your data if they are inaccurate.

The right to erasure: you can ask us to erase all or part of your personal data.

The right to object and restrict processing: in certain cases, you may ask us to object processing or restrict processing of all or part of your personal data.

The right to data portability: you may request a copy of your personal data, as well as a copy of the data you have provided in a way that is accessible and machine-readable, in order to transfer them to another data controller.

These rights can be exercised by sending a request to Kiplin by e-mail to dpo@kiplin.com or to the address of its registered office, 28 bis quai François Mitterrand 44200 Nantes. 

You also have the possibility to file a complaint with the French data protection authority (Commission Nationale de l'Informatique et des Libertés (CNIL)) if you believe that the processing of your data is not carried out in accordance with the applicable provisions. 

You may at any time interrupt your participation in a Kiplin program and request, if you wish, the deletion of your Kiplin’s account. 

In addition, any person whose personal data is collected may define general or specific guidelines for the storage, erasure and communication of his or her personal data after his or her death. The specific guidelines can be registered with the data controller. The general directives may be registered with a trusted digital third party certified by the CNIL. General or specific directives may be modified or deleted at any time.

Article 7 - Update of our privacy policy

Kiplin reserves the right to update this Privacy Policy at any time, particularly in the event of the addition of products and applications, the improvement of our offers and according to technological and regulatory changes. We encourage you to consult it regularly. You can find out when this Privacy Policy was last updated by referring to the "Applicable from" mention at the top of this document. Any changes will take effect upon publication of the revised Privacy Policy.

We will notify you if these changes are substantial. This change notice will be sent by e-mail and published on the Kiplin mobile application.

If, after reading this Privacy Policy, you would like to receive further information about our management of your personal data, you can send us your questions by sending us an e-mail to the following address: dpo@kiplin.com.